Apple: Mac Users Should Get Antivirus Software

In a notable shift, Apple is now recommending that Mac users install anti-virus software to help users secure their systems.

In a technical note quietly published to its support site on Nov. 21, Apple issued the following advice:

"Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

This is news to me. Just under three months ago, I asked an employee at our local Apple store whether I needed anti-virus for my MacBook, and was told not to bother, that it was not necessary. I wonder if this means Apple will stop running television ads saying Mac users don't have to worry about malicious software?

Security Fix hears from readers constantly wondering whether they should secure their Macs. I suspect this may be because more people are choosing to purchase Macs over PCs loaded with Vista. I always tell people that the best advice is to enable the built-in firewall, and to keep the machine updated with the latest patches from Cupertino - in addition to fixes for add-ons like Adobe Flash and Reader.

But more importantly, Mac users should be more cautious about the programs they choose to install on their systems. After all, the majority of all malicious software designed for Macs doesn't use security flaws to break into systems: It tricks the user into agreeing to download and install it. While anti-virus software is designed to flag programs that are known threats, no security program can protect a system from a file or software the user chooses to install.

If you are considering anti-virus for your Mac, Apple recommends a few options (below). I should note that there is also a free anti-virus program available for OS X, called ClamXav. In addition, SecureMacoffers a free Trojan detection tool. For the record, I've had Symantec anti-virus installed on my MacBook for nearly two years now and it has never so much as made a peep.

I'd like to hear from any Mac readers out there: Do you use anti-virus on your Mac? If so, which security program(s) do you use? If you don't use anti-virus software on your Mac, is Apple's recommendation likely to change your mind? Sound off in the comments below.

Update, 2:35 p.m., Dec. 3: As a number of readers have pointed out, Apple has since pulled the advisory that prompted this blog post. Try to visit the old link for the advisory, and you will see the following message: "We're sorry. We can't find the article you're looking for."

In a written statement sent security news site Securityfocus.com, Apple explained their decision to pull the document:

"We have removed the KnowledgeBase article because it was old and inaccurate," Apple said in a statement sent to SecurityFocus. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection."

I have been a Mac user since the MacPlus and still use a MDD G4 dual 1.0 and G5 iMac for my home set-up, an Intel macBook for work. I have for nearly all of my 20 plus years using Macs never used virus software, except for that software that was putout by the guys at Northwestern. I atarted to with my first Intel machine. I have no problems to this point that I am aware of, but the MacBook has been alerted a couple of times to delete two files that appeared out of nowhere. Accepting the improvements with the Intel CPUs means we also have to accept that we are more vulnerable than the old Motorola days.

I'm not a Mac user, but I always thought the Mac sense of security wasn't really based on fact. Now that Mac systems are back to a sizable chunk of the marketplace, virus makers will turn their attention to the faults in those systems.

I've used Macs for about six years and for most of that time have used the Intego software. I by no means am a computer geek, but probably am more proficient than many of my Boomer cohorts. I've got a healthy level of paranoia about viruses after seeing their effect on friends' Windows machines. The Intego product is easy to set up and use, with decent documentation, and I have had no problems with viruses. I've used the Symantec product on my PC machines, but found the documentation nearly unintelligible. I never quite understood what I was doing as I set it up, nor could I fathom the various options Norton offered for customizing its firewall and anti-virus software.

READ the quote.
They are encouraging the use ->to make it more difficult for virus writers.
It doesn't say anything else. They are just being proactive based on the fact that their market share is growing. It seems prudent to me.
It is not news and it shouldn't be news to you. If you get wind of a successful virus on a Mac - now that would be news!

Mac user and network/sysadmin since 1984. I remember the actual machine-code Mac viruses of the 1980's; there has not been a successful Mac virus since WDEF in 1989, and that only executed on the long-retired Mac OS. 19 virus-free years is pretty impressive, but that doesn't mean Mac users shouldn't be vigilant. Phishers and trojans are just as likely to bite an unwary Mac user, and no one should ignore patches and updates. These fix dangerous conditions like buffer overruns that allow a hacker to take control without even having to guess a password. But viruses don't work and are not likely to work given the Mac OS's Unix-based security architecture. On the other hand, if you regularly use Microsoft applications (which helpfully provides the run-time environment for the majority of viruses) and exchange documents with Windows users it's a good idea to run a virus scanner just to avoid becoming the office's "typhoid Mac."

@JkR -- As I said, it was just a hunch. About every other week I do a Live Online chat, and it seems I've received quite a few more questions about Mac security lately. I don't answer all of the questions I get (many are essentially the same question), so that might not be reflected in the chats so much.

I had Norton on my OS 8/9 Powerbook (no longer active) and it was a pain. I've never had anti-virus software on my 2 1/2 year-old Mac Mini. Macworld has gently pushed anti-virus software, but then they have advertisers who sell that s/w.

I'd like to first know if Apple is saying this because they're admitting that malware is appearing faster than they can produce security updates.

As for market share, if I were a virus writer I would have attacked the Mac user base already on the logic that 90+% (those Mac users without anti-virus software) of a small user base is easy to exploit. Maybe it's just that few crooks know how to program for OS X.

I've seen data for Mac penetration from everywhere from 5%-12%. A far cry from Apple's dismal numbers a few years ago. Also global sales aren't the thing, as Apple's manufacturing isn't up to snuff. It's about what they put into the bigger countries, US, Europe, etc.

Apple zealots will tell you it's closer to 20% share now, but you could still figure safely that it's about it's 1 in 10. Not a terribly bad ratio of potentially unprotected computers. Also figure that they're essentially Linux machines which could theoretically boost the target numbers for a malicious programmer.

From a April 2008 Forbes article: "In the consumer market, where Apple does compete, he (Gene Munster of Piper Jaffrey) estimates the Mac’s share is now 10% worldwide and an impressive 21% in the U.S."

OK, years ago, I had Norton as well as Symantec anti-virus software and had not ONE problem in terms of ever even getting a virus. Nary an alert nor a warning! The only problem I had back then was that anti-virus software got in the way of installing programs as well as updates to existing software from the company itself. As a consultant, I was kept busy helping people to just install their software when they had virus programs. It was, excuse the pun, a virtual pain. Even today, I have not had a single piece of mal-ware or even the inking of a virus. I will not cower to Apple's own sense that the virus world is now ratcheting up to attack the Mac universe. It is STILL too small of a piece of the proverbial "viral destructive pie" for programmers looking for the "thrill" of getting their virus's name in the paper.

I have a small (3 machines) Mac home network on a cable Internet connection, and have never run anti-virus software on any of them. We (my wife and I) practice safe surfing by avoiding clicking on links we do not know or understand - LIKE THE MISERABLE FLOATING ADS that have infected WaPo lately. We have never had a problem, although there have been a couple instances over the years where clicking a link downloaded a .exe file and tried to run it!

I use Intego VirusBarrier X5 on my Mac and install it on all the Macs I setup for other people. Unlike Norton, it runs efficiently, doesn't hobble performance, and gets the job done. Since my data contains personal photos and my media library, I don't want to take any chances with it. The risk may be low, but the risk is still there. The cost of failing to mitigate the risk--and suffering from infection--could be enormous in terms of the time to recover data from backups, rebuilding a system, dealing with secondary infections, etc.

Given the lack so far of any successful OS X viruses, I can think of three reasons to install AV SW on a mac:

1. Install it on your Windows partition or virtual machine ;-)
2. Being a good citizen if you exchange a lot of docs with windows coworkers whom you might inadvertently infect
3. Use it to clean up malware YOU allowed to install itself, and you want to continue your idiotic habits.

Most of the recent Mac exploits are more trojans that users are tricked into installing, rather than classic viruses; but this is true of Windows now also. I recently installed Avast on my Mac Pro and saw a variety of Windows malware in my email attachments folder - probably downloaded along with spam. I subsequently installed Avast on a new MacBook running XP and found the same ecard.exe trojan there. It was not caught by the current Kaspersky AV suite. Me, I've no desire to forward something to a Windows-running friend or colleague in any case. Macs may be a good bit safer, but still.

Brian, Thanks for your contributions in the field of computer security. Your keynote recently at the High Technology Criminal Investigstors Association in Atlantic City was a real eye-opener. Glad you're paying attention to us 'fanboys' with Macs :-) BTW, I'm sending this on my new Acer Aspire One. Wish Apple would serve the small form factor tablet market. I still fondly remember the Newton that could have grown up to fill this niche . . .

At work, on the PCs we use ESET. At home, on the Macs I use ClamXav. I tried Intego VirusBarrier, and think it is a good application, but I don't think I want to pay that price. And being a reader of the European magazines that focus on Apple products, none of these believe attacks on Macs really warrant paying $70 or more for something that other programs do for free. Since, I use a flash (thumb) drive to transfer files back and forth from work to home and back again; I have been using ClamXav for a few years now. I hated Norton 360 on the PC, so I doubt I would go with a traditional vendor who traditionally works on a Windows platform.

Since 2005 ClamXAV has had a sentry mode that will monitor folders. A simple strategy is to monitor the Safari Downloads folder.
The main aim is to prevent virus-infected files from being saved to your hard disk via email attachments or sent to poor Windows users via email.
Some links to anti-virus software and tips at:http://users.tpg.com.au/aoaug/mac_osx.html#virus_software
(they are getting a little dated)

I use a macbook pro with NoScript downloaded from Mozilla/FireFox, and it's been great so far.
You feel like you're in control of what you download in a web page on a daily basis.
That said, what worries me about this report is that Apple isn't specific on what malware or virus could attack a Mac.
A little more info would help.

This is a prudent position for Apple. Depending on your industry or location (creative-based industries, any college campus, etc.) entire populations use Macs, particularly among personal users.

Thankfully, my 20 years of Mac use has been virus-free, even without protection. While none of my PC-using friends can say that, I'll probably err on the side of virus-protection over gloating. I'm also backing up all data on an old 80gig iPod. Losing that info would be like my house burning down!

I suspect Booyah5000 has the correct analysis: It's not a technical issue, but the Apple legal department, that has caused this.

Apple has been advertising the lack of viruses for Mac -- and there are none -- but if there ever is one, rapacious lawyers will be quick to file class-action lawsuits against Apple, to wit: "You said there were no Mac viruses, and our clients bought Macs in good faith based on that assertion. Now we see there ARE Mac viruses. Give us lawyers tens of millions of dollars, and give our clients in the plaintiff class coupons for five dollars off the purchase of a new Mac." But by saying "You should use antivirus software," Apple establishes a legal defense.

That having been said, I use ClamXav, and have its Folder Sentry set to scan my incoming mail and downloads folder.

Another ClamXAV user. My only reason for using it is to avoid spreading any nasties to my PC using friends & family members. I have the Sentry sent up to automatically scan my incoming & outgoing email as well as my downloads folder.

Please do not try to convince us and direct us to these ANTI....CRAP makers, to help them invade our MACs and make more money.

Even when I was under the influence of Gates & his empire, in very extreme circumstances I have had a virus warning.
I never was infected either. Partly because I was and am a smart user.
The simple rule #1 is not to open ANY attachments.
Using MAC can't be more EASIER.
MAC rules in this area by having a....PREVIEW !
PREVIEW is THE BEST TOOL ever existed. Period.

PREVIEW is better than any firewall and shmairewall.
Want to make your MAC look like windoZ PC , heavy, slow, stinky...? Go ahead and install all this anti.... crap.

NO, WE MAC USERS DO NOT NEED all this crap!
Please do not try to convince us and direct us to these ANTI....CRAP makers, to help them invade our MACs.

Mr.Kreps, please stop this non-sense.
If you're paranoid and feel unsecure, use your firewall, use your anti crap software.
But DO NOT tell us to do what windoZ slaves do.
We DON'T NEED IT!

I don't have any antivirus software on a mac, since most actually do more harm than good to the system.

Also if Mr.Krebs would have maybe thought thru on this one a little more he could have prevented himself some embarrassment of over hyping an old KB article.

The article is an old one (they don't put OLD Article in the ID unless its been around well before the current knowledge base system), not only that the November 21st date is the "Last Modified" date, not when the article was pushed up.

Common sense would dictate they modify that article periodically so that products listed in the suggestion area are current, and don't lead to a dead store link.

I have to admit that I heard rumblings about Mac viruses recently. I was still dubious of the claim that there were any real threats widespread enough to pose even a moderate risk of Mac infection. All that changed at the begining of our semester when I was helping students load/configure computers for our network. I indeed came across several Apple laptops that were infected, according to our Network Associates VirusScan. I cant say anything about the vector of infection but we had to clean up at least 3 machines.

A chill goes up my spine every time I hear anyone say they don't run AV no matter what the OS. I have seen and fought numerous infections from legitimate websites (rather than dodgy ones) with absolutely no user interaction what so ever or via a network and a 0-day unpatchable (as of the time) exploit. It boils my blood when I see people say things like "I don't run AV and I'm just fine. You just need to have a clue". No, they have just been lucky (if they are actually right about not having anything, they might and just not know about it).

I laugh when I see mac users shrug off the mac viruses saying "But you have to manually execute them and type in your password". The same can be said for the majority of Windows malware and viruses in the last 10 years. They aren't self executing but rather need to trick the user in to running it. The mac ones are no different.

Maybe it's just my paranoia after many years of fighting viruses and malware on Windows systems both with and without the assistance of scanning applications and both with and without being in the same city as the infected machine, but on my Mac I have things set up exactly the same as I did on my PC before it was shelved. My email set up as plain text only, use Firefox as my browser with the adblockplus, siteadvisor and noscript addons, firewall constantly on and blocking by default, plus I have ClamX constantly monitoring my /Applications, /bin, /var, /user and /voumes/Storage (where all my downloads go) directories.

Now if you excuse me, I need to go make some adjustments to my tin foil hat. :P

here is another excerpt from another Apple article "Last Modified: April 29, 2008" but also likely from a much older article since the "Old Article: 303602"

"Mac Maintenance Quick Assist"... 6) Check for Viruses
Macs are far more less likely to get a computer virus like Windows PCs are prone to but that doesn't mean it's impossible. If you don't already have antivirus software, you may want to consider making a purchase. If you have the software installed, be sure to keep your virus definitions up to date—you can find the latest updates on your software manufacturer's website.

again... the premiss of your article is false use of A/V is probably good as a precaution on a mac but the reality is that it's probably not the necessary on a patched mac... probably the best reason to us A/V on your mac would be to not propagate virus to you PC friends... even though the virus your infected with will have absolutely no effect on your mac once you pass them on to your PC friends they will go to work their.

@kolbk: "Also figure that they're essentially Linux machines which could theoretically boost the target numbers for a malicious programmer."

A red herring: Mac OS X is a heavily modified BSD (which is UNIX) running on a mach microkernel, and GNU/Linux is a UNIX-like OS running on a monolithic kernel. Everything is different except maybe the hardware architecture. Just remember that both Mach and Linux run on a much wider variety of hardware than Microsoft Windows's kernel, libraries, etc.

I have used dozens of Macs since 1985 (the first had the number 128 associated with it) both at home and in my office (never owned or used a DOS or Windows machine in my life). Many years ago I had an infection with a WDEF creature that was dealt with by a freeware software. I have had nothing since. In antiquity I bought an antivirus program that has since been incorporated into the Norton product. All it did was warn and and interfere with installation of programs. In recent years, periodically, I have run ClamXav. It has never detected anything. Recently, I ran iAntiVirus. It found nothing.

I agree with those posters who say that currently, the main reason to utilize anti-virus software on a Mac is to prevent the passing on of viruses to those with PCs, when sending attachments.

I've used Intego Virus Barrier with much success, once I got a virus via a Microsoft Word document with an evil macro--sent as a working doc by an unknowing colleague, also on Mac. The virus didn't affect me, but I couldn't send the document to colleagues or clients with PCs--their anti-virus software refused it and/or quarantined it. Intego found and fixed the problems, and there are regular updates as new viruses are found.